Add support for symbol hiding disabled by default.

Fully explained in libcrypto/README. TL;DR make sure libcrypto and libssl's function calls internally and to each other are via symbol names that won't get overridden by linking other libraries. Mostly work by guenther@, which will currently be gated behind a build setting NAMESPACE=yes. once we convert all the symbols to this method we will do a major bump and pick up the changes. ok tb@ jsing@
author: beck <> 2022-11-11 11:25:18 +0000
committer: beck <> 2022-11-11 11:25:18 +0000
commit: 0ba6b15619d4e4feafccdbd0226ee99b70553a11 (patch)
tree: ed6caa2922a04c9566669564e9dda8a563bf522a /src/lib/libssl
parent: e917fd8e13a8b1acf3b53461d4ba34d7022a216e (diff)
download: openbsd-0ba6b15619d4e4feafccdbd0226ee99b70553a11.tar.gz
openbsd-0ba6b15619d4e4feafccdbd0226ee99b70553a11.tar.bz2
openbsd-0ba6b15619d4e4feafccdbd0226ee99b70553a11.zip
4 files changed, 78 insertions, 2 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index 1788cd75a3..a6ee26a667 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.77 2022/08/17 07:39:19 jsing Exp $
+# $OpenBSD: Makefile,v 1.78 2022/11/11 11:25:18 beck Exp $
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -16,6 +16,9 @@ CFLAGS+= -Wall -Wundef
 CFLAGS+= -Werror
 .endif
 CFLAGS+= -DLIBRESSL_INTERNAL
+.ifdef NAMESPACE
+CFLAGS+= -DLIBRESSL_NAMESPACE
+.endif
 .ifdef TLS1_3
 CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT
 CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
@@ -24,7 +27,9 @@ CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
 CFLAGS+= -DTLS13_DEBUG
 .endif
 CFLAGS+= -I${.CURDIR}
+CFLAGS+= -I${.CURDIR}/../libcrypto/hidden
 CFLAGS+= -I${.CURDIR}/../libcrypto/bio
+CFLAGS+= -I${.CURDIR}/hidden
 LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
index 04dd22f16d..d6974cdb24 100644
--- a/src/lib/libssl/bio_ssl.c
+++ b/src/lib/libssl/bio_ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_ssl.c,v 1.35 2022/10/05 21:16:14 tb Exp $ */
+/* $OpenBSD: bio_ssl.c,v 1.36 2022/11/11 11:25:18 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -103,6 +103,7 @@ BIO_f_ssl(void)
 {
        return (&methods_sslp);
 }
+LSSL_ALIAS(BIO_f_ssl)
 static int
 ssl_new(BIO *bi)
@@ -532,6 +533,7 @@ BIO_new_ssl_connect(SSL_CTX *ctx)
        BIO_free(ssl);
        return (NULL);
 }
+LSSL_ALIAS(BIO_new_ssl_connect)
 BIO *
 BIO_new_ssl(SSL_CTX *ctx, int client)
@@ -556,6 +558,7 @@ BIO_new_ssl(SSL_CTX *ctx, int client)
        BIO_free(ret);
        return (NULL);
 }
+LSSL_ALIAS(BIO_new_ssl)
 int
 BIO_ssl_copy_session_id(BIO *t, BIO *f)
diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h
new file mode 100644
index 0000000000..540c6e7652
--- /dev/null
+++ b/src/lib/libssl/hidden/openssl/ssl.h
@@ -0,0 +1,31 @@
+/*      $OpenBSD: ssl.h,v 1.1 2022/11/11 11:25:18 beck Exp $    */
+/*
+ * Copyright (c) 2022 Philip Guenther <guenther@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _LIBSSL_SSL_H_
+#define _LIBSSL_SSL_H_
+#include_next <openssl/ssl.h>
+#include "ssl_namespace.h"
+LSSL_USED(BIO_f_ssl);
+LSSL_USED(BIO_new_ssl);
+LSSL_USED(BIO_new_ssl_connect);
+LSSL_UNUSED(BIO_new_buffer_ssl_connect);
+LSSL_UNUSED(BIO_ssl_copy_session_id);
+LSSL_UNUSED(BIO_ssl_shutdown);
+#endif /* _LIBSSL_SSL_H_ */
diff --git a/src/lib/libssl/hidden/ssl_namespace.h b/src/lib/libssl/hidden/ssl_namespace.h
new file mode 100644
index 0000000000..803f3e66be
--- /dev/null
+++ b/src/lib/libssl/hidden/ssl_namespace.h
@@ -0,0 +1,37 @@
+/*      $OpenBSD: ssl_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $  */
+/*
+ * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _LIBSSL_SSL_NAMESPACE_H_
+#define _LIBSSL_SSL_NAMESPACE_H_
+/*
+ * If marked as 'used', then internal calls use the name with prefix "_lssl_"
+ * and we alias that to the normal name.
+ */
+#ifdef LIBRESSL_NAMESPACE
+#define LSSL_UNUSED(x)          typeof(x) x __attribute__((deprecated))
+#define LSSL_USED(x)            __attribute__((visibility("hidden")))   \
+                                typeof(x) x asm("_lssl_"#x)
+#define LSSL_ALIAS(x)           asm(".global "#x"; "#x" = _lssl_"#x);
+#else
+#define LSSL_UNUSED(x)
+#define LSSL_USED(x)
+#define LSSL_ALIAS(x)
+#endif
+#endif  /* _LIBSSL_SSL_NAMESPACE_H_ */
author	beck <>	2022-11-11 11:25:18 +0000
committer	beck <>	2022-11-11 11:25:18 +0000
commit	0ba6b15619d4e4feafccdbd0226ee99b70553a11 (patch)
tree	ed6caa2922a04c9566669564e9dda8a563bf522a /src/lib/libssl
parent	e917fd8e13a8b1acf3b53461d4ba34d7022a216e (diff)
download	openbsd-0ba6b15619d4e4feafccdbd0226ee99b70553a11.tar.gz openbsd-0ba6b15619d4e4feafccdbd0226ee99b70553a11.tar.bz2 openbsd-0ba6b15619d4e4feafccdbd0226ee99b70553a11.zip

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 1788cd75a3..a6ee26a667 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.77 2022/08/17 07:39:19 jsing Exp $	1	# $OpenBSD: Makefile,v 1.78 2022/11/11 11:25:18 beck Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4	.ifndef NOMAN	4	.ifndef NOMAN
@@ -16,6 +16,9 @@ CFLAGS+= -Wall -Wundef
16	CFLAGS+= -Werror	16	CFLAGS+= -Werror
17	.endif	17	.endif
18	CFLAGS+= -DLIBRESSL_INTERNAL	18	CFLAGS+= -DLIBRESSL_INTERNAL
		19	.ifdef NAMESPACE
		20	CFLAGS+= -DLIBRESSL_NAMESPACE
		21	.endif
19	.ifdef TLS1_3	22	.ifdef TLS1_3
20	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT	23	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_CLIENT
21	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER	24	CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
@@ -24,7 +27,9 @@ CFLAGS+= -DLIBRESSL_HAS_TLS1_3_SERVER
24	CFLAGS+= -DTLS13_DEBUG	27	CFLAGS+= -DTLS13_DEBUG
25	.endif	28	.endif
26	CFLAGS+= -I${.CURDIR}	29	CFLAGS+= -I${.CURDIR}
		30	CFLAGS+= -I${.CURDIR}/../libcrypto/hidden
27	CFLAGS+= -I${.CURDIR}/../libcrypto/bio	31	CFLAGS+= -I${.CURDIR}/../libcrypto/bio
		32	CFLAGS+= -I${.CURDIR}/hidden
28		33
29	LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto	34	LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
30		35


diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c index 04dd22f16d..d6974cdb24 100644 --- a/src/lib/libssl/bio_ssl.c +++ b/src/lib/libssl/bio_ssl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bio_ssl.c,v 1.35 2022/10/05 21:16:14 tb Exp $ */	1	/* $OpenBSD: bio_ssl.c,v 1.36 2022/11/11 11:25:18 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -103,6 +103,7 @@ BIO_f_ssl(void)
103	{	103	{
104	return (&methods_sslp);	104	return (&methods_sslp);
105	}	105	}
		106	LSSL_ALIAS(BIO_f_ssl)
106		107
107	static int	108	static int
108	ssl_new(BIO *bi)	109	ssl_new(BIO *bi)
@@ -532,6 +533,7 @@ BIO_new_ssl_connect(SSL_CTX *ctx)
532	BIO_free(ssl);	533	BIO_free(ssl);
533	return (NULL);	534	return (NULL);
534	}	535	}
		536	LSSL_ALIAS(BIO_new_ssl_connect)
535		537
536	BIO *	538	BIO *
537	BIO_new_ssl(SSL_CTX *ctx, int client)	539	BIO_new_ssl(SSL_CTX *ctx, int client)
@@ -556,6 +558,7 @@ BIO_new_ssl(SSL_CTX *ctx, int client)
556	BIO_free(ret);	558	BIO_free(ret);
557	return (NULL);	559	return (NULL);
558	}	560	}
		561	LSSL_ALIAS(BIO_new_ssl)
559		562
560	int	563	int
561	BIO_ssl_copy_session_id(BIO t, BIO f)	564	BIO_ssl_copy_session_id(BIO t, BIO f)


diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h new file mode 100644 index 0000000000..540c6e7652 --- /dev/null +++ b/src/lib/libssl/hidden/openssl/ssl.h
@@ -0,0 +1,31 @@
		1	/* $OpenBSD: ssl.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */
		2	/*
		3	* Copyright (c) 2022 Philip Guenther <guenther@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#ifndef _LIBSSL_SSL_H_
		19	#define _LIBSSL_SSL_H_
		20
		21	#include_next <openssl/ssl.h>
		22	#include "ssl_namespace.h"
		23
		24	LSSL_USED(BIO_f_ssl);
		25	LSSL_USED(BIO_new_ssl);
		26	LSSL_USED(BIO_new_ssl_connect);
		27	LSSL_UNUSED(BIO_new_buffer_ssl_connect);
		28	LSSL_UNUSED(BIO_ssl_copy_session_id);
		29	LSSL_UNUSED(BIO_ssl_shutdown);
		30
		31	#endif /* _LIBSSL_SSL_H_ */


diff --git a/src/lib/libssl/hidden/ssl_namespace.h b/src/lib/libssl/hidden/ssl_namespace.h new file mode 100644 index 0000000000..803f3e66be --- /dev/null +++ b/src/lib/libssl/hidden/ssl_namespace.h
@@ -0,0 +1,37 @@
		1	/* $OpenBSD: ssl_namespace.h,v 1.1 2022/11/11 11:25:18 beck Exp $ */
		2	/*
		3	* Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#ifndef _LIBSSL_SSL_NAMESPACE_H_
		19	#define _LIBSSL_SSL_NAMESPACE_H_
		20
		21	/*
		22	* If marked as 'used', then internal calls use the name with prefix "_lssl_"
		23	* and we alias that to the normal name.
		24	*/
		25
		26	#ifdef LIBRESSL_NAMESPACE
		27	#define LSSL_UNUSED(x) typeof(x) x __attribute__((deprecated))
		28	#define LSSL_USED(x) __attribute__((visibility("hidden"))) \
		29	typeof(x) x asm("_lssl_"#x)
		30	#define LSSL_ALIAS(x) asm(".global "#x"; "#x" = _lssl_"#x);
		31	#else
		32	#define LSSL_UNUSED(x)
		33	#define LSSL_USED(x)
		34	#define LSSL_ALIAS(x)
		35	#endif
		36
		37	#endif /* _LIBSSL_SSL_NAMESPACE_H_ */